Hello,
I have previously consulted on DaniWeb. I have yet another problem now.
There seems to be some malware or something on my comp. I recently installed a fresh XP2 after removing the previous version (coz it was not booting with that version, had no other way). Firstly, avast is not updating and does not respond if I click the update button. It shows viruses every time I start up (I del them but they come up the next time). It says that there is a suspicious file in WINDOWS/.... (found using heuristic method) which may be malware. So I used MBAM to scan; it showed some malware and I deleted them, but they recur. I get this DCOM Exploit from 59.93.26.(so on) from time to time, and there is this Generic Host Process for Win32 Services error minutes after I boot. I had to reboot thrice before mailing coz the net goes down 1-2 mins after the message appears. Sound goes down and out (no sound system, it says).
Any help is appreciated. My MBAM log is as follows:
Malwarebytes' Anti-Malware 1.38
Database version: 2318
Windows 5.1.2600 Service Pack 2
6/22/2009 11:09:34 PM
mbam-log-2009-06-22 (23-09-34).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 251016
Time elapsed: 32 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\olhrwef.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\autorun.inf (Worm.Autorun) -> Quarantined and deleted successfully.
C:\sm.exe (Worm.Autorun) -> Quarantined and deleted successfully.
BUT THESE SEEM TO REAPPEAR. I boot-scanned with avast twice. My latest MBAM log:
Malwarebytes' Anti-Malware 1.38
Database version: 2318
Windows 5.1.2600 Service Pack 2
6/23/2009 3:03:21 PM
mbam-log-2009-06-23 (15-03-21).txt
Scan type: Quick Scan
Objects scanned: 101211
Time elapsed: 6 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
THIS IS MY HIJACKTHIS LOG: Not able to do it! The log is stuck at 'O4 registry and start menu autoruns'.
:(